Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cidr_match in lookup tables #246

brucegivens opened this Issue Feb 9, 2018 · 2 comments


None yet
4 participants
Copy link

brucegivens commented Feb 9, 2018

It would be useful to have the ability to perform a cidr_match on the keys of a lookup table.

The goal would be to look up a specific IP in a list of subnets and have the column(s) for the subnet to which that IP belongs returned.

For example, looking up against the following CSV would return 'office':


Currently, a 1:1 match is required for the key such that the subnet would have to be known before the lookup could be performed.

For reference, the Graylog Community thread:

It may also be a solution to use a custom MaxMind DB for this as described here:

But it appears as if Graylog can only use the predefined City and Country MMDB formats for a data adapter.

@jalogisch jalogisch added the feature label Feb 12, 2018

@florianvolle florianvolle added this to the 3.0.0 milestone Feb 22, 2018

@bernd bernd removed this from the 3.0.0 milestone Nov 16, 2018


This comment has been minimized.

Copy link

jalogisch commented Mar 15, 2019

he @brucegivens

if you use the processing pipelines for the GEO IP Lookup - with your custom database, you would be able to access that information you add yourself.

Please see how to-do this in this posting:

With that and your custom DB you would be able to access the information.


This comment has been minimized.

Copy link

brucegivens commented Mar 29, 2019

Hmm, interesting idea - I'll give it a whirl, will take some time before I'll be able to look into it, though.
Thanks for the input!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.